[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security (ugh, Again?)

Date: Fri, 25 May 90 15:37 EDT
To: slug%ai.sri.com@vax.cam.nist.gov
Message-ID: <19900525193734.2.MILLER@ARTEMIS.cam.nist.gov>

Without getting  into  a  debate  about  whether Unux systems really are
secure or not; Hey, I dont even like passwords, security etc.  But, I'ld
like to do something to make our lispms more secure & accessible in some
appropriate combinationq; apparently  its not  too hard  to have  either
extreme, but in the middle?

What I've got in mind is something vaguely resembling the unux approach;
at least our management would feel comfortable; `it looks secure' and
such.  Also, the fewer times you have to say `well these machines dont
work like that' the better off you are (even if they work better!)

The ACL setup doesn't seem to match the model I'm looking for;
and since somebody reported that they couldn't un-install it, I'm
hesitant to experiment with it! 

For example; I would to have the following `features'
  1) To access a machine (telnet or console) you've GOT to log in and
give a password.  Chris sent a nice hack which uses the firewall stuff
to disable select & friends and wont let anything happen till the user
is logged in. But it uses ACL to get the password, which uses the LOCAL
FS (some of our's dont have FS and also the passwords on different
machines diverge). 

[TANGENT: What's the deal with Firewall?  It's in SYS:UNSUPPORTED; in rel
8! Did it die?  Also there are .bin's but no .ibin's; Does it NOT work
on Ivories?] 

  Ideally, I could look up  passwords using Yellow pages?  at  least for
logging into some machines: I've got one machine that could  concievably
supply a  service  (macsyma)  to  all  users  on our lan, including unux
users.  It would  be nice  not to  have to  duplicate the sysadmin tasks
already done by the  sun people.  BTW,  the macsyma machine  in question
has no FS.

Anybody got YP code working? (is it part of NFS? would one need NFS to
implement it?... Presumably I need NFS to set the homedir for these
users anyway.)  

At any rate, ACL has a password table per FS rather than `site wide'
such as YP. Also, apparently the sysadmin must set passwords rather than
the users.

 2) By default (and without extra passwords) all (or most) lmfs directories
should be readable, listable.. by a regular logged in person, but not

 3) on the other hand, good ole' superuser me should be able to do
anything. Ok, I'm willing to type in an extra password for that...

 4) Probably other stuff I haven't thought of too.

It seems that ACL, by itself,  doesn't answer the right questions;  some
combination of ACL & YP would appear to fit better.  Or is it better  to
avoid ACL  altogether?   Note  that  I  haven't  even installed TCP yet,
perhaps that experience will clarify some of the issues for me.

Any help, suggestions, philosophy, and of course, code, would be very